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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 10/5/201 1 appealing from the Office action 

mailed 8/1/2011. 
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(1) Real Party in Interest 

The statement identifying tine real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing 
on the Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The examiner has no comment on the appellant's statement of the status of 
amendments after final rejection contained in the brief. 

(5) Summary of Claimed Subject IMatter 

The examiner has no comment on the summary of claimed subject matter 
contained in the bnef. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The examiner has no comment on the appellant's statement of the grounds of 
rejection to be reviewed on appeal. Every ground of rejection set forth in the 
Office action from which the appeal is taken (as modified by any advisory 
actions) is being maintained by the examiner except for the grounds of rejection 
(if any) listed under the subheading "WITHDRAWN REJECTIONS." New 
grounds of rejection (if any) are provided under the subheading "NEW 
GROUNDS OF REJECTION." 
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(7) Claims Appendix 

The examiner has no comment on the copy of the appealed claims contained in 
the Appendix to the appellant's brief. 

(8) Evidence Relied Upon 
Listing of evidence relied upon: 

6754'665 Futugami et al. 6-2004 

2002/0 1 56726 Kleckner et al . 1 0-2002 

2002/0062240 Morinville 5-2002 

7'131'071 Guneetal. 10-2006 



(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC § 103 



7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



8. Claims 1 , 4, 1 5, 30, 37, 38, 45 and 46, 49-51 are rejected under 35 U.S.C. 1 03(a) 
as being unpatentable over Futugami et al. (US Patent No. 6754665, filed June, 2000), 
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hereinafter called Fug, in view of Kleckner and further in view of Morinville (US Patent 
Application Publication No. 2002/0062240, published May 23, 2002). 

8.1 . As per claims 1,15, 30, 45 and 46 Fug is directed to a system for approving 
security change (see figures 18-21 and associated text, describing a system for 
providing personal information between a management server 6 and a client terminal 
(access requester) which has issued a retrieval request and between the management 
server 6 and a client terminal of a user (personal information owner) whose personal 
information is requested. The system describes a situation where the information 
requestor requests a change in permission to access user personal information 
(restriction removal inquiry). Column 18 line 27 to col. 20 line 67, and particularly col. 20 
lines 60-67 teaches that a request for change in permissions to access user data is sent 
from a requestor and approved. User personal information is stored in a file (see for 
example col. 18 lines 7-25), and the file system is secured. The file system is secured 
because accessing to information requires authentication. Also see col. 17 line 62 to 
col. 18 line 37, where the personal information is stored on vcards, which is a file. 
Therefore, Fug teaches a system for receiving a request for the security change from a 
requestor, the security change being used for determining access rights to comprising 
permission to retrieve an electronic file from within a secure file store); 

Also, Kleckner is directed to a method for approving a security change (parag. 127 to 
1 32) for a file security system that secures electronic files (per abstract, Kleckner 
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provides a system that uses digital signatures to validate an amendment to a financial 
transaction. Parag. 135 shows that the transactions are performed using records (files) 
that are secured using digital signatures.), said method comprising: receiving a 
requested security change from a requestor (parag. 131 , where the new policy is 
communicated to a second security officer), the security change being used for 
determining access rights to an electronic file (paragraphs 134 and 1 35 show that the 
transaction record status is changed, pending valid approvals. Therefore, Kleckner 
teaches control access to the transaction record (electronic file)); identifying a plurality 
of approvers to approve or disapprove of the requested security change (the second 
security officer who verifies the change. Note that per parag. 131 , at least one officer is 
required to review, therefore suggesting a plurality of reviewers.) by accessing an 
approver set in an approval manager module (Kleckner teaches identifying approvers, 
but it does not explicitly teach an approval manager module that identifies the 
approvers. Morinville teaches a Build process (paragraph 0087 and Fig. 9) where the 
request for approval is built and the list of approvers is identified. Kleckner and 
Morinville are analogous art, as they are both directed to the process of obtaining 
approvals for change in a process. At the time of invention, it would have been obvious 
to the one skilled in art to include the process of approver identification as taught by 
Morinville, in Kleckner's system. The motivation to do so would have been to facilitate 
the creation of the approval process in Kleckner's system by using a system that allows 
creation of detailed and flexible approval process.); notifying the approvers of an 
approval request for the requested security change (Kleckner parag. 131 as discussed 
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above); determining whether the requested security change is approved based on 
responses from the approvers to the approval request (parag. 131 where the second 
security officer signs and stores the new policy in the database); and performing the 
requested security change when said determining determines that the requested 
security change has been approved (parag. 132). 

Morinville paragraph [0089] also teaches determining, for at least one response 
received from the approvers, whether it remains possible for a quorum of the approvers 
to approve the requested security change (see applicant disclosure at paragraph [0051] 
regarding the limitation, and note that Morinville paragraph [0089] teaches that the 
process of approval stops when it is determined that one of the necessary approvers 
has rejected the request. This means that the system determines, based on an 
approver decision (the one that rejected the request), whether it remains possible for 
the quorum to approve the request or not. 

Fug and Kleckner in view of Morinville are also analogous art, as they are both directed 
to a system for controlling access to information. At the time of invention it would have 
been obvious to implement the approval process of Kleckner in view of Morinville in the 
system of Fug, which manages permissions for providing personal information. The 
motivation would have been to improve the change inquiry process of Fug such that 
permission is allowed when a group of approvers approve the change request. This way 
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a user may rely on approvers' expertise to decide if lie/slie sliould allow access to 
his/her personal information. 



8.2. With regards to claim 4, Kleckner and Morinville are directed to a method as 
recited in claim 1 , wherein determining whether the requested security change in 
approved includes determining that no one of the plurality of approvers is authorized to 
individually approve the requested security change (Kleckner parag. 130). 

8.3. With regards to claims 37 and 38, Fug teaches a scenario where the personal 
information is stored on the requestor (Figure 4 and associated text shows user 
transmits its own information to a server. Therefore, the information is stored on the 
user side. This makes it obvious to use the system to manage information and 
permissions to access information on client's own computer.) and a scenario where the 
personal information is store on the server 6 (see figures 9 and 1 8 and associated 
text). 

8.4. As admitted by the applicant, the requirements of claims 49-51 are similar to the 
independent claims. 

9. Claims 2, 3, 5-1 4, 1 6, 1 8-29, 31 -36, 47 and 48 are rejected under 35 
U.S.C. 103(a) as being unpatentable over the combination of Fug, Kleckner and 
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Morinville as applied to claims 1,4, 15 and 30 above, and further in view of Gune et al. 
(US Patent No. 7,131,071, filed March 29, 2002). 

10. With regards to claims 2, 3, 5-14, Fug and Kleckner in view of Morinville is 
directed to the method of claim 1 and teaches an approval process to control changes 
to security policies. However, Fug and Kleckner in view of Morinville does not discuss 
all the additional details related to the approval process as required by the dependent 
claims. 

Kleckner, however, does require establishment of an approval process to perform trade 
approval, as well as an approval process to make changes to security policies. 
Therefore, a system capable of creating a detailed approval process would improve the 
system taught by Kleckner because it facilitates creation of the approval process 
required in Kleckner, and also makes creation of the approval process more flexible and 
efficient. 

Gune's invention is directed to a facility for defining an approval process (abstract) for 
approving different types of requests. Gune's system allows defining the details of 
elements of the approval process. At the time of invention, it would have been obvious 
for a person skilled in art to integrate Gune's facility, which allows detailed and flexible 
creation of an approval process (see for example col. 2 line 53 to col. 3 line 40), in the 
system of Kleckner to allow creation of a detailed approval process. As mentioned 
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above, the motivation to do so would have been to facilitate the creation of the approval 
process in Kleckner's system by using a system that allows creation of detailed and 
flexible approval process. 

The combined system of Fug, Kleckner, Morinville and Gune is directed to limitations of 
the claims as follows: 

1 0.1 . With regards to claims 2 and 3, transmission of notification to the approvers, and 
reception of their response using email is suggested by Kleckner col. 1 , lines 25 to 37. 

1 0.2. With regards to claim 5, Gune teaches arrangement of approvers in sets in col. 
11 lines 18-25. 

1 0.3. With regards to claim 6, Kleckner col. 9 lines 1 2 to 51 describes the AND 
approval process element, which requires two or more paths (approval process 
elements) to be approved independently so the overall process could be approved. 
Moreover, Fig. 21 describes an example showing each element (which could be a 
group, as discussed in rejection of claim 5) required to be approved independently for 
the entire process to be approved. Therefore, Gune teaches approval determining 
requiring approval from more than one plurality of groups. 
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1 0.4. As per claim 7, Gune col. 1 lines 36 to 44 shows a hierarchical approval process, 
which progression to a next level of hierarchy requires approval from the current level. 

1 0.5. With regards to claim 8, the security officers of Kleckner are users of the security 
system as they use the system to secure the transactions. 

1 0.6. With regards to claim 9, Gune col. 1 3, lines 33 to 43 indicates that subset of each 
element, which includes the group element could be used to define the approval 
process. Therefore, Gune teaches an approval process wherein a subset of set of 
approvers can approve the request. 

1 0.7. With regards to claim 1 0, Gune col. 1 2 lines 3 to 1 2 describes creating an 
approval process relative to the type of request. Therefore, Gune teaches an approval 
process wherein the selected elements (approvers) are dependent on the type of 
request. 

10.8. With regards to claim 1 1 , Gune col. 10, lines 30-35 teaches selecting an 
approver based on its position relative to the creator of the request. Therefore Gune 
teaches and approval process wherein the approvers are identified depending on the 
requestor. 
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10.9. With regards to claims 12 and 13, Gune col. 3, lines 19-27 teach simultaneous 
and concurrent notification of approvers. 

10.10. With regards to claim 14, Kleckner teaches a system for securing trade records, 
which are electronic documents. 

1 0.1 1 . With regards to claim 1 6, Kleckner teaches the importance of separation of 
duties, and also teaches the security policy changes approval by a security officer and 

not the administrator. Therefore, Kleckner teaches an approval manager who changes 
approval process without any interaction form administrator(s). 

10.12. With regards to claim 19, use of digital signatures to authenticate the sender of 
an email message was well-known to a person skilled in art at the time of invention. 

1 0.1 3. With regards to claims 20 and 29, a key store connected to the system that uses 
digital signatures is inherent to systems using digital signature because keys are 
integral parts of digital signatures. 

10.14. The limitations of the following claim are substantially the same as the 
corresponding claim: 



Claims 18 and 31 correspond to claim 2 
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Claims 19 and 32 correspond to claim 3 
Claims 21 and 33 correspond to claim 4 
Claim 22 corresponds to claim 5 
Claim 23 corresponds to claim 6 
Claim 24 corresponds to claim 7 
Claim 25 corresponds to claim 8 
Claim 26 corresponds to claim 9 
Claim 27 corresponds to claim 10 
Claim 28 corresponds to claim 1 1 



Page 1 3 



10.15. The limitations of claims 34-36 are substantially the same as limitations of claims 
2, 3, and 4 sequentially, with the added limitation that if there is no approval required, 
the request is granted without the need to obtain approvals. This limitation is taught by 
Morinville paragraphs 77 or 86. 

10.16. Claims 47 and 48 are dependent on claims 34 and 36, with added limitation 
similar to claim 45. 

10.17. With regards to claims 39-44, the claims are dependent on independent claims 
discussed above with the added limitation of: determining, for at least one response 
received from the approvers, whether it is possible for a quorum of the approvers to 
approve the requested security change. 
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As discussed regarding the independent claims, the prior art teaches that the requested 
security change will happen when a quorum of approvers approve the request. 
Therefore, once the approval is indicated by the approvers, it makes it obvious to 
determine that it is possible for the quorum of approvers to approve the security change. 
This is because the quorum of approvers has already approved the request. See also 
the Response to Arguments section in the last Final rejection. 

(10) Response to Argument 

Response to Argument in appellant's section A: 

Appellant's argument is based on the following feature of claims: 

"determining, for at least one response received from the approvers, whether it 
remains possible for a quorum of the approvers to approve the requested 

security change". 

First, appellant argues that Morinville does not teach a quorum. In response. Examiner 

refers to appellant's own citations of Morinville (paragraphs [0067-0068]) as reflected in 
their Appeal Brief pages 20-22. In that citation, appellant describes Morinville's approval 
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process as involving identifying tine riglit participants in a business process (e.g. a 
request). Said participants would approve the process. Therefore, Morinville clearly 
teaches a quorum of approvers. Furthermore, as agreed by the appellant, Morinville 
teaches; 

"[i]f two management levels are necessary for approval, the first level manager 
and the second level manager would be identified. The same process is used to 
identify however any levels of management are necessary" 

Therefore, all managers are not part of the approval process. The ones necessary are 
identified, and put as part of the approval process. The group of selected managers 
equates to appellant's quorum. This approval process may be hierarchical, but nothing 
in the claim states that it shouldn't be. In fact, appellant's original specification at 
paragraph [0024] agrees with use of hierarchical arrangements. Therefore, Morinville 
teaches a quorum of approvers. 

Appellant then argues that the feature mentioned above is not taught by Morinville. 
Appellant's brief at page 22 refers to a non-limiting example reflected in their 
specification paragraph [0049]. Appellant states that "a quorum of approvers" may be 
interpreted as more than 50% of the approvers. Examiner is not sure whether appellant 
meant to say that the quorum has to include more that 50% of the possible approvers, 
or that more than 50% of the members of quorum are needed to approve a request. In 
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the former case, such requirement is not part of the claim (note that appellant admits 
that this is a non-limiting example). In the later case, again the requirement is not part of 
the claim, but even if it was, it would not have overcome Morinville's teaching. Morinville 
requires 1 00% of the vote to approve a request. This fits with more than 50%. 

In fact, this is the focal point of Examiner's argument; nothing in said claimed feature 
distinguishes it from a scenario where the approval process fails when one of the 
members of the quorum disapproves the request. Said scenario is depicted by 
Morinville. Referring to paragraph [0089], Morinville teaches said feature as it clearly 
requires that the status of a request is viewed by the requester and the approvers. As a 
request is approved, this information is made available to approvers. Also, if one 
approver declines the request, the approval process is complete. Therefore, the system 
will continue only if the received decision is not a decline. Therefore, the system has 
determined if it is still possible for the request to be approved or not, and acted 
accordingly. This is conceptually the same as the example in the appellant's original 
specification at paragraph [0049] (or published application paragraph [0051]). This is 
because they both show the same concept; continue the process only if it is still 
possible to obtain an approval, and stop if it is not possible. 

As mentioned before, nothing in the claim limits it such that Morinville's scenario would 
not be applicable. This point has been communicated to the appellant in previous office 
actions, and particularly in the Final rejection. 
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At page 23 of the brief, appellant argues that in Morinville, it is not possible to determine 
with the approval of one business manager, whether a quorum of business managers 
approve the decision, because the decision must be unanimous. It is true that in 
Morinville, the decision has to be unanimous, but the claim does not require 
determining, with the approval of one business manager, whether a quorum of business 
managers approve the decision. The claim requires determining whether it remains 
possible to obtain approval. Morinville teaches that by its actions. Namely, the 
approvers are to receive reminders (after an aging period) that a request is pending 
(paragraph [0089]). Based on this teaching, the one skilled in art would clearly realize 
that such notifications are sent only if it is still possible to approve. 

Accordingly, Morinville teaches "determining, for at least one response received from 
the approvers, whether it remains possible for a quorum of the approvers to approve the 
requested security change". 

Response to Argument in appellant's section B: 

Applicant's initial argument is based on the similar argument discussed in section A of 
appellant's argument. 
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With regards to claim 29, and examiner's Official Notice, appellant argues that the 
Examiner has failed to demonstrate that the facts asserted are well-known. 

However, first, it is noted that examiner had relied on the same finding in the Non-Final 
Office Action dated 1/18/201 1 . Appellant's response to said action, dated 5/18/201 1 , did 
not traverse such finding. 

Second, according to MPEP section 2144.03 subsection C: 

"To adequately traverse such a finding, an applicant must specifically point out 
the supposed errors in the examiner's action, which would include stating why 
the noticed fact is not considered to be common knowledge or well-known in the 
art. See 37 CFR 1.111 (b). See also Chevenard, 1 39 F.2d at 71 3, 60 USPQ at 
241 ("[l]n the absence of any demand by appellant for the examiner to produce 
authority for his statement, we will not consider this contention.")." 

Without such traverse, Examiner cannot determine which part of the finding is 
questionable to the appellant. Examiner believes Digital signatures were well known in 
the art. To digitally sign a digital signature, you need a key. To use a key you will have 
to store it in a key store. These are all facts, and appellant has not produced a single 
reason to the contrary. Accordingly, appellant has not adequately traversed such 
finding, not during the prosecution of the application, and not even in the appeal brief. 
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Accordingly, Examiner finds appellant's argument non-persuasive. 
(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by tlie examiner in the 
Related Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 

/Farid Homayounmehr/ 
Primary Examiner 
Art Unit, 24934 

Conferees: 
/Carl Colin/ 

Supervisory Patent Examiner, Art Unit 2493 

/Jung Kim/ 

Supervisory Patent Examiner, Art Unit 2494 



